Axios Supply Chain Attack: Malicious npm Package Delivers Cross-Platform RAT — OpenClaw 3.28 Users At Risk
One of the most widely-used JavaScript libraries in the world was silently backdoored today. Axios — the HTTP client with over 83 million weekly downloads — had two of its npm versions compromised in an active supply chain attack. And if you’re running OpenClaw 3.28 with the Slack plugin enabled, you need to act now.

What Happened

On March 31, 2026, attackers gained access to the npm credentials of Axios’s primary maintainer (“jasonsaayman”) and published two malicious versions: 1.14.1 and 0.30.4. Both versions inject a fake dependency called [email protected] that functions as a cross-platform Remote Access Trojan (RAT) dropper. ...
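
To check a project for the two versions named above, the following added example (not from the original article) walks a parsed package-lock.json, covering both the flat `packages` map and the nested `dependencies` tree, and reports every place axios resolves to 1.14.1 or 0.30.4. The sample lockfile, the `slack-helper` package and version 1.13.0 are constructed for illustration.

```javascript
// Versions the article reports as compromised.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]);

// Return every install location in a parsed package-lock.json where
// axios resolves to a compromised version, including transitive copies.
function findCompromisedAxios(lock) {
  const hits = new Map(); // install path -> version (dedupes v2's two sections)

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    // "name" is present when the folder name is an alias for the real package.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === "axios" && BAD_AXIOS.has(meta.version)) hits.set(path, meta.version);
  }

  // lockfileVersion 1 (and the compat section of v2): nested tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "axios" && BAD_AXIOS.has(meta.version)) hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");

  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample: a clean top-level axios plus a nested compromised copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/slack-helper": { version: "2.0.0" },
    "node_modules/slack-helper/node_modules/axios": { version: "1.14.1" },
  },
  dependencies: {
    axios: { version: "1.13.0" },
    "slack-helper": {
      version: "2.0.0",
      dependencies: { axios: { version: "1.14.1" } },
    },
  },
};

for (const hit of findCompromisedAxios(SAMPLE_LOCK)) {
  console.log(`compromised axios ${hit.version} at ${hit.path}`);
}
```

On a real project, pass the result of `JSON.parse` on the contents of package-lock.json; a hit on a nested path means the bad version arrived through another dependency rather than a direct one.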